Issue #1648 has been updated by seanmil.
I would classify this as expected and desired behavior when running in either SELinux permissive or enforcing mode. Puppet is now asking the system what the proper SELinux file context should be (via matchpathcon) and using that as defaults for the new SELinux attributes - adjusting them on-disk as appropriate. Can you please clarify the problem? ---------------------------------------- Bug #1648: 0.24.6RC1 setting selinux permissions even when disabled http://projects.reductivelabs.com/issues/show/1648 Author: jenza Status: Accepted Priority: Normal Assigned to: seanmil Category: Red Hat Target version: 0.24.6 Complexity: Unknown Affected version: Keywords: Centos 5.1 2.6.18-92.el5 #1 SMP Tue Jun 10 18:51:06 EDT 2008 x86_64 x86_64 x86_64 GNU/Linux. Selinux running in permissive mode on both client/server Upgraded client and server from 0.24.5 to 0.24.6RC1 and the following behavior started. <pre>[EMAIL PROTECTED] plugins]# puppetd --test --no-noop notice: Ignoring --listen on onetime run info: Caching catalog at /var/lib/puppet/state/localconfig.yaml notice: Starting catalog run notice: //Node[obu-repos]/munin::client/munin::client::base/munin::plugins::base/munin::plugins::linux/munin::plugins::interfaces/Munin::Plugin[if_eth0]/File[/etc/munin/plugins/if_eth0]/seluser: seluser changed 'user_u' to 'system_u' info: //Node[obu-repos]/munin::client/munin::client::base/munin::plugins::base/munin::plugins::linux/munin::plugins::interfaces/Munin::Plugin[if_eth0]/File[/etc/munin/plugins/if_eth0]: Scheduling refresh of Service[munin-node] notice: //Node[obu-repos]/munin::client/munin::client::base/munin::plugins::base/munin::plugins::linux/Munin::Plugin[interrupts]/File[/etc/munin/plugins/interrupts]/seluser: seluser changed 'user_u' to 'system_u' info: //Node[obu-repos]/munin::client/munin::client::base/munin::plugins::base/munin::plugins::linux/Munin::Plugin[interrupts]/File[/etc/munin/plugins/interrupts]: Scheduling refresh of Service[munin-node] notice: //Node[obu-repos]/munin::client/munin::client::base/munin::plugins::base/munin::plugins::linux/Munin::Plugin[netstat]/File[/etc/munin/plugins/netstat]/seluser: seluser changed 'user_u' to 'system_u' info: //Node[obu-repos]/munin::client/munin::client::base/munin::plugins::base/munin::plugins::linux/Munin::Plugin[netstat]/File[/etc/munin/plugins/netstat]: Scheduling refresh of Service[munin-node] notice: //Node[obu-repos]/munin::client/munin::client::base/munin::plugins::base/munin::plugins::linux/Munin::Plugin[acpi]/File[/etc/munin/plugins/acpi]/seluser: seluser changed 'user_u' to 'system_u' info: //Node[obu-repos]/munin::client/munin::client::base/munin::plugins::base/munin::plugins::linux/Munin::Plugin[acpi]/File[/etc/munin/plugins/acpi]: Scheduling refresh of Service[munin-node] notice: //Node[obu-repos]/munin::client/munin::client::base/munin::plugins::base/munin::plugins::linux/Munin::Plugin[df_abs]/File[/etc/munin/plugins/df_abs]/seluser: seluser changed 'user_u' to 'system_u' info: //Node[obu-repos]/munin::client/munin::client::base/munin::plugins::base/munin::plugins::linux/Munin::Plugin[df_abs]/File[/etc/munin/plugins/df_abs]: Scheduling refresh of Service[munin-node] </pre> If I downgrade to puppet-0.24.5-1.el5 puppet runs fine with no changes while still using the 0.24.6RC1 server. <pre> [EMAIL PROTECTED] plugins]# puppetd --test --no-noop notice: Ignoring --listen on onetime run info: Caching catalog at /var/lib/puppet/state/localconfig.yaml notice: Starting catalog run info: Sent transaction report in 1.35 seconds notice: Finished catalog run in 5.54 seconds </pre> /etc/munin/plugins 0.26RC1 Client <pre> lrwxrwxrwx 1 user_u:object_r:etc_t root root 25 Oct 7 14:59 acpi -> /usr/share/munin/plugins/ lrwxrwxrwx 1 user_u:object_r:etc_t root root 28 Oct 7 14:58 cpu -> /usr/share/munin/plugins/cpu lrwxrwxrwx 1 user_u:object_r:etc_t root root 27 Oct 7 14:58 df -> /usr/share/munin/plugins/df lrwxrwxrwx 1 user_u:object_r:etc_t root root 31 Oct 7 14:59 df_abs -> /usr/share/munin/plugins/df_abs lrwxrwxrwx 1 user_u:object_r:etc_t root root 33 Oct 7 14:58 df_inode -> /usr/share/munin/plugins/df_inode </pre> 0.25 Client <pre>lrwxrwxrwx 1 root:object_r:etc_t root root 25 Sep 29 13:37 acpi -> /usr/share/munin/plugins/ lrwxrwxrwx 1 root:object_r:etc_t root root 28 Sep 29 13:37 cpu -> /usr/share/munin/plugins/cpu lrwxrwxrwx 1 root:object_r:etc_t root root 27 Sep 29 13:37 df -> /usr/share/munin/plugins/df lrwxrwxrwx 1 root:object_r:etc_t root root 31 Sep 29 13:37 df_abs -> /usr/share/munin/plugins/df_abs lrwxrwxrwx 1 root:object_r:etc_t root root 33 Sep 29 13:37 df_inode -> /usr/share/munin/plugins/df_inode </pre> ---------------------------------------- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://reductivelabs.com/redmine/my/account --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/puppet-bugs?hl=en -~----------~----~----~----~------~----~------~--~---
